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Abstract — Cloud is not a destination. It is an approach. Cloud service providers, along with cloud technology vendors, 
today are working towards developing a cloud ecosystem. The main area of concern in cloud ecosystem is security and 
trust. As Public Key Infrastructure (PKI) technology has undergone a renaissance, enabling computer to computer 
communications this paper will describe the ways to implement trust models using Microsoft Windows Azure. This paper 
will provide implementations to the trust model used to enable trust in Cloud. 
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I. INTRODUCTION 

Cloud computing is rapidly emerging as a new paradigm for delivering computing as a utility. While enterprises in 
India are apprehensive about public clouds, they would still like to avail themselves benefits that cloud computing have to 
offer. The idea behind any cloud computing proposal is for you to pay only for what you use, scaling up or down according 
to business needs. Vendors supporting cloud computing can interpret this statement differently, providing varying levels of 
services to achieve this result. The industry is now on its way towards cloud computing and virtualization is the 
infrastructure on which it is being built. The cloud model will see a rapid adoption in India, as business \\ ill appreciate how 
technology enables them to easily expand scalability and enhance elasticity [1]. 
This paper is organized in the following sections: 

In Section II, we give a background of the technologies and trust model to be used. In Section III we describe the 
implementation methodologies of cloud based PKI. In Section IV we will discuss Conclusion and future work. 

II. BACKGROUND 

A. Public Key Infrastructure 

PKI consists of programs, data formats, procedures, communication protocols, security policies and public key 
cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate 
in a secure and predictable fashion. PKI provides authentication, confidentiality, non repudiation, and integrity of the 
messages exchanged. PKI is hybrid system of symmetric and asymmetric key algorithms and methods [2-4]. A public-key 
infrastructure (PKI) is a framework that provides security services to an organization using public key cryptography. These 
services are generally implemented across a networked environment, work in conjunction with client- side software, and can 
be customized by the organization implementing them. An added bonus is that all security services are provided 
transparently — users do not need to know about public keys, private keys, certificates, or Certification Authorities in order 
to take advantage of the services provided by a PKI [5]. 

PKI and the Aims of Secure Internet Communication: The four aims of secure communication on the Internet are 
as stated earlier: confidentiality, integrity, authentication and non repudiation. Authentication is the procedure to verify the 
identity of a user. There are three different factors authentication can be based on. These factors are something the user 
knows, something the user possesses and something the user is. Something the user knows could be a password that is a 
shared secret between the user and the verifying party. This is the weakest form of authentication since the password can be 
stolen through, for example, a dictionary attack or sniffing the network. Something the user possesses could be a physical 
token like a credit card, a passport or something digital and secret like a private key. This authentication form is usually 
combined with something the user knows to form a two-factor authentication. For instance, a credit card and a PIN are 
something possessed and something known. Something the user is could be something biometric like a fingerprint, DNA or 
a retinal scan which is unique for the user. 

B. Cloud Computing 

Gartner defines cloud computing as Scalable, IT related capabilities provided as a service on Internet. The term 
cloud computing implies access to remote computing services offered by third parties via a TCP/IP connection to the public 
Internet. The cloud symbol in a network diagram, which initially represented any type of multiuser network, came to be 
associated specifically with the public Internet in the mid 1990s[6].Cloud computing is defined as a model for enabling 
convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, 
storage, applications, and services) thai can be rapidly provisioned and released with minimal management effort or cloud 
provider interaction [ 7 1 . 
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1) Cloud services exhibit five essential characteristics [6-7] that demonstrate their relation to, and differences from, 
traditional computing approaches: 

a) On-demand self-service: Computing capabilities are available on demand without any interference of third party. 

b) Broad network access: Capabilities are available over the network and accessed through standard mechanism', that 
promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs) as well as 
other traditional or cloud based software services. 

c) Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multi- 
tenant model, with different physical and virtual resources dynamically assigned and reassigned according to 
consumer demand. Examples of resources include storage, processing, memory, network bandwidth, and virtual 
machines. Even private clouds tend to pool resources between different parts of the same organization. 

d) Rapid elasticity: Capabilities can be rapidly and elastically provisioned, in some cases automatically to quickly 
scale out; and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning 
often appeal to be unlimited and can be purchased in an\ quantity at any time. 

e) Measured service: Cloud systems automatically control and optimize resource usage by leveraging a metering 
capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, or 
active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both 
the provider and consumer of the service. 

NIST Visual Model of Cloud Computing Definition gives the overall perspective and definition of what cloud computing is 
[7]: 
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Fig. II.B NIST Visual Model of Cloud Computing 
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Service Models: Cloud computing can be classified by the model of service it offers ir 
i. IaaS (Infrastructure as a Service): The capability provided to 

computing, or network resources with which the customer can run z 

or any software that they choose, 
ii. PaaS (Platform as a Service): The cloud provider not only provides the hardware, but they also provide a toolkit 

and a number of supported programming languages to build higher level services (i.e. software applications that 

are made available as part of a specific platform). 
iii. SaaS (Software as a Service): The SaaS customer is an end-user of complete applications running on a cloud 

infrastructure and offered on a platform on-demand. The applications are typically accessible through a thin client 

interface, such as a web browser. 
Deployment Models: Clouds can also be classified based upon the underlying infrastructure deployment model as Public, 
Private, Community, or Hybrid clouds. 
1. Public Cloud: A public cloud's physical infrastructure is owned by a cloud service provider. Such a cloud runs 

applications from different customers who share this infrastructure and pay for their resource utilization on a utility 

computing basis. 
11. Private Cloud: A pure private cloud is built for the exclusive use of one customer, who owns and fully controls this 

III. Community Cloud: When several customers have similar requirements, they can share an infrastructure and might 
share the configuration and management of the cloud. This management might be done by themselves or by third 

IV. Hybrid Cloud: Any composition of clouds, be they private or public could form a hybrid cloud and be manage a 
single entity, provided that there is sufficient commonality between the standards used by the constituent clouds. 

C. Windows Azure 

Windows Azure platform consists of a highly scalable (elastic) cloud operating system, data storage fabric and 
related services delivered by physical or logic a l irtuali ■')' ind( I ei 00 in I aces The Windows Azure Software 



Implementing Trust in Cloud Using Public Key Infrastructure 

Development Kit (SDK) provides a development version of the cloud-based services, as well as the tools and APIs needed to 
develop, deploy, and man. calabl n ices in Windows Azure. 
According to Microsoft, the primary uses for Azure are to 

Add web service capabilities 10 existing packaged applications 

Build, modify, and distribute applications to the Web with minimal 

Perform services, such as large-volume storage, batch processing, ii 

off premises 

Create, test, debug, and distribute web services quickly and inexpensively 

Reduce costs and risks of building and extending on-premises resources 

Reduce the effort and costs of IT management 

The Windows Azure Platform supports three types of scalable persistent storage: 

unstructured data (blobs) 

structured data (tables) 
x. messages between applications, services, or both (queues) 

D. Transport layer Security: 

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applic; 
users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop o 
any message. TLS is the successor to the Secure Sockets Layer (SSL) [8J. 

Transport Layer Seeurii) (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that 
provide endpoint authentication and secure communications over any transport. TLS is normally associated with Internet 
can be applied to any transport layer, including sockets and HTTP. Sending unencrypted messages 
s the risk that messages can be intercepted or altered. TLS security technology automatically encrypts e-mail 
messages between servers thereby reducing the risk of eavesdropping, interception, and alteration. 

E. Trust Models 

Enterprise Boundary[5] co 
procedure of security. 
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Fig. II.E.1 Public root CA and public CA 

s of a public root CA and the Public CA which are connected by some enterprises ii 
ime rules of security and some individually connected by public CA's. 
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Advantage of above model is that all web browsers trust the r 
generated in the hierarchy, 
i. This model lacks in following: 

Trust point (CA certificate) is outside the enterprise boundary and is 

No control of security properties of PKI 

Key Strength: 3072 bit RSA rather than 1024 bit RSA. 

Certificate extensions: Key usage. 

Inability to issue certificate and certificate revocation information o: 

High implementation cost. 



t CA certificate, and hence all certificates 



:s certificates to other parties. 



2) Public root CA and Enterprise CA 
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Fig. II.E.2 Public Root CA and Enterprise CA 

of a public root CA and an enterprise CA which rules the s< 



Advantages of the above model are: 

Trust point (CA certificate) is inside the enterprise boundary. 

On demand certificate and certificate revocation issuing. 

Web browsers trust the root CA certificate, and hence all certificates generated in the hierarchy. 

Disadvantages of the above model that is supports Limited control of security properties of PKI and the 
implementation cost is too high. 
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Fig. II.E.3 Enterprise root CA and enterprise CA 

Above model operates completely in enterprise boundary which means complete 
cnia pi iscs communication and remote access. 

Advantages of above model are: 

Trust points (Root CA and CA certificates) are inside the enterprise boundary. 
Full control of security properties of PKI. 
On demand certificate and certificate re 



s established between the 
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The only disadvantage of the above model is Web browsers do not trust the root CA certificate, and hence all 
certificates generated in the hierarchy. 

III. IMPLEMENTATION METHODOLOGIES 

Above trust models can be implemented by following methodologies in a sequence for reducing risks in cloud 
computing and develops trust of cloud customer in cloud. 
Summary of the protocols and algorithms to be used in following methodologies are: 

Transport Layer Security is used as secure protocol. Advanced Encryption Standard is used for cipher algorithm 
with secure hash Algorithm and RSA as key exchange. 

F. Public root CA and Public CA 

In this model only thing we have to look around is the sec 
n using Advanced Encryption standard. 



mplementing Transport Layer 
Security 



Checking for the available 

certificates supported by public 
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Implementing 128 bit AES managed 

code for encryption and decryption 

of the data for data privacy 



Fig. III. A Methodology for model 1 
G. Public Root CA and Enterprise CA 

In this model only thing we have to look around is the secure communication 
certificate which make . enterprise CA, we import the certificates in the browser and si 
Advanced Encryption standard. 
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Data privacy is maintained 
using 128 bit AES Algorithm 



Fig. 3.B. Methodology for model 2 
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H. Enterprise Root CA and Enterprise CA 



Implementing Transport layer Security 



Creating Enterprise Root CA and importing their self 
signedcertificates 



Creating Enterprise CA and importing their self 
signed certificates 



Data privacy is maintained using AES Managed 
code 



FigJ.C Methodology for model 3 

IV. CONCLUSION and Future Work 

In this model the methodology that is implemented is quite complicated in this we have to create both the CA and 
have to maintain it across the enterprises which lie in enterprise boundary. The table below shows the comparison between 
three models on various parameters which have been calculated logically: 



Parameters 


Public Root 

CAand 
Public CA 


Public Root 

CAand 

Enterprise CA 


Enterprise 
Root CA and 
Enterprise CA 


Secure 


Less 


Medium 


More 


Privacy 


Less 


Medium 


More 


Trust 


Medium 


Medium 


High 


Cost 


High 


High 


High 


Feasibility 


High 


Medium 


low 


Performance 


High 


Low 


Low 



Table IV Comparative Analysis 

By implementing the above model we can easily avail the trust within the enterprise boundary using Microsoft 
platform .By creating Root CA and Enterprise CA with the decision of all the enterprises may build the complete trust in the 
cloud. Technologies and incentives to access or destroy systems emerge as technology moves forward and the value of the 
system increases. Hence, a system can only be classified secure to an extent or not secure at all. One critical factor in 
security is cost. To limit the incentives to break the system, the cost of breaking the system should be higher or equal to the 
value of the information the system is protecting. The paper has discussed a model to build trust in Cloud using public key 
Infrastructure. Despite of the limitation of browser support it can be widely used by enterprises. The application of the above 
model can be the different plants and branch offices that want to share same data can create a public cloud and define their 
own Root CA and CA to ensure confidentiality and integrity of the data. While working on future scope we can easily make 
a cloud consumer trust that their data is safe on cloud that too within their own enterprise boundary. In future these 
algorithms can be expanded with the new forthcoming algorithms to eliminate the disadvantages of the existing system. 
Various performance factors can be improved in the cloud for the use of cloud with full trust. 
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